Your search keyword '"Vulnerability (computing)"' showing total 452 results

1. Secure aggregation for federated learning in flower

Author

Nicholas D. Lane, Daniel J. Beutel, Kwing Hei Li, and Pedro Porto Buarque de Gusmão

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, 0303 health sciences, Computer Science - Cryptography and Security, Computer science, Distributed computing, Computation, 02 engineering and technology, Python (programming language), Federated learning, Machine Learning (cs.LG), 03 medical and health sciences, 020204 information systems, Threat model, 0202 electrical engineering, electronic engineering, information engineering, Secure multi-party computation, Cryptography and Security (cs.CR), Private information retrieval, computer, Implementation, 030304 developmental biology, computer.programming_language, Vulnerability (computing)

Abstract

Federated Learning (FL) allows parties to learn a shared prediction model by delegating the training computation to clients and aggregating all the separately trained models on the server. To prevent private information being inferred from local models, Secure Aggregation (SA) protocols are used to ensure that the server is unable to inspect individual trained models as it aggregates them. However, current implementations of SA in FL frameworks have limitations, including vulnerability to client dropouts or configuration difficulties. In this paper, we present Salvia, an implementation of SA for Python users in the Flower FL framework. Based on the SecAgg(+) protocols for a semi-honest threat model, Salvia is robust against client dropouts and exposes a flexible and easy-to-use API that is compatible with various machine learning frameworks. We show that Salvia's experimental performance is consistent with SecAgg(+)'s theoretical computation and communication complexities., Comment: Accepted to appear in the 2nd International Workshop on Distributed Machine Learning

Published

2021

2. Analysis of E-Mobility-based Threats to Power Grid Resilience

Author

Christoph Krauß and Dustin Kern

Subjects

Scope (project management), Computer science, Compromise, media_common.quotation_subject, Grid, Computer security, computer.software_genre, Work (electrical), Peak load, Power grid, Resilience (network), computer, Vulnerability (computing), media_common

Abstract

The increasing complexity of the e-mobility infrastructure leads to an increasing risk of security threats, which may negatively affect any connected infrastructures such as the power grid. The grid is one of the most important critical infrastructures, making it a valuable target for cyber attacks. This situation gives rise to the potential of e-mobility-based attacks to the grid, e.g., causing large-scale black outs based on a sudden increase in charging demand. In this paper, we propose a framework for simulating and analyzing the impact of e-mobility-based attacks on grid resilience. We derive e-mobility-specific attacks, based on an analysis of adversaries and threats, and combine these attacks in our framework with models for grid and e-mobility as well as simulation-based outage analysis. In different case studies, the effects of e-mobility-based attacks on grid resilience are evaluated. The results show, e.g., the scope of increased vulnerability during peak load hours, enabling attacks even at low levels of e-mobility compromise, the increased impact of combined attack strategies, and the time from attack to outage, which may decrease to sub-second ranges for high levels of e-mobility growth and compromise. We further discuss potential protection mechanisms for different resilience objectives including approaches for detection, prevention, and response. This work thus provides the basis for comprehensive resilience research regarding the interconnection of e-mobility and grid.

Published

2021

3. Chunk-Level Password Guessing: Towards Modeling Refined Password Composition Representations

Author

Kai Zhang, Ming Xu, Weili Han, C Wang, Junjie Zhang, and Jitao Yu

Subjects

Password, Class (computer programming), Markov chain, business.industry, Computer science, Probabilistic logic, Password cracking, computer.software_genre, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Artificial intelligence, business, Representation (mathematics), computer, Natural language processing, Vulnerability (computing)

Abstract

Textual password security hinges on the guessing models adopted by attackers, in which a suitable password composition representation is an influential factor. Unfortunately, the conventional models roughly regard a password as a sequence of characters, or natural-language-based words, which are password-irrelevant. Experience shows that passwords exhibit internal and refined patterns, e.g., "4ever, ing or 2015", varying significantly among periods and regions. However, the refined representations and their security impacts could not be automatically understood by state-of-the-art guessing models (e.g., Markov). In this paper, we regard a password as a composition of several chunks, where a chunk is a sequence of related characters that appear together frequently, to model passwords. Based on the concept, we propose a password-specific segmentation method that can automatically split passwords into several chunks, and then build three chunk-level guessing models, adopted from Markov, Probabilistic Context-free Grammar (PCFG) and neural-network-based models. Based on the extensive evaluation with over 250 million passwords, these chunk-level models can improve their guessing efficiency by an average of 5.7%, 51.2% and 41.9%, respectively, in an offline guessing scenario, showcasing the power of a suitable password representation during attacks. By analysing these efficient attacks, we find that the presence of common chunks in a password is a stronger indicator for password vulnerability than the character class complexity. To protect users against such attacks, we develop a client-side and real-time password strength meter to estimate the passwords' resistance based on chunk-level guessing models.

Published

2021

4. Facilitating Vulnerability Assessment through PoC Migration

Author

Zicheng Wu, Min Yang, Jiarun Dai, Haiming Lyu, Yuan Zhang, Xinyu Xing, and Hailong Xu

Subjects

Computer science, business.industry, Fuzz testing, Machine learning, computer.software_genre, Task (computing), Software, Vulnerability assessment, False positive paradox, NIST, Artificial intelligence, business, computer, TRACE (psycholinguistics), Vulnerability (computing)

Abstract

Recent research shows that, even for vulnerability reports archived by MITRE/NIST, they usually contain incomplete information about the software's vulnerable versions, making users of under-reported vulnerable versions at risk. In this work, we address this problem by introducing a fuzzing-based method. Technically, this approach first collects the crashing trace on the reference version of the software. Then, it utilizes the trace to guide the mutation of the PoC input so that the target version could follow the trace similar to the one observed on the reference version. Under the mutated input, we argue that the target version's execution could have a higher chance of triggering the bug and demonstrating the vulnerability's existence. We implement this idea as an automated tool, named VulScope. Using 30 real-world CVEs on 470 versions of software, VulScope is demonstrated to introduce no false positives and only 7.9% false negatives while migrating PoC from one version to another. Besides, we also compare our method with two representative fuzzing tools AFL and AFLGO. We find VulScope outperforms both of these existing techniques while taking the task of PoC migration. Finally, by using VulScope, we identify 330 versions of software that MITRE/NIST fails to report as vulnerable.

Published

2021

5. Sealed Storage for Low-Cost IoT Devices: an Approach Using SRAM PUFs and Post-Quantum Cryptography

Author

Roberto Román and Iluminada Baturone

Subjects

Post-quantum cryptography, Hardware security module, Cryptographic primitive, Computer science, business.industry, Encryption, Computer security, computer.software_genre, Microcontroller, State (computer science), Data in transit, business, computer, Vulnerability (computing)

Abstract

The number of Internet of Things (IoT) devices is increasing since they can solve many problems, such as those found in healthcare or power grid. Since they are susceptible to be attacked, solutions must be explored to make them more trustworthy and, thus, increment the confidence of their users. It is common that trusted devices use secret keys to achieve confidentiality of data stored in non-volatile memory, data in transit, and to authenticate themselves to other parties. However, these keys can be compromised if an attacker takes control of the platform by exploiting some vulnerability. In this work, we propose to seal the secret keys to the platform and to a specific state, mainly associated with the memory content and determined in a development stage. The secret keys are encrypted with a Sealing Secret Key that is not stored in the device, but obfuscated with an SRAM PUF, making it more secure. When a secret key has to be sealed or unsealed, functions called seal() and unseal() are employed. They have atomic execution and are stored in a ROM memory. Their goal is to measure the state of the platform and recuperate the sealing secret key only if the measurement matches a valid one signed by the application developer. As quantum computers are emerging and future IoT devices must be resistant to attacks performed by them, we choose Dilithium and Saturnin as cryptographic primitives. Benchmarking results taken in an ESP32 microcontroller show the suitability of the proposal for an IoT device.

Published

2021

6. Who you gonna call?

Author

Frank Li and Tara Poteat

Subjects

Work (electrical), Standardization, Computer science, business.industry, Software deployment, Internet privacy, business, Web application security, Vulnerability (computing)

Abstract

The security.txt proposed standard allows organizations to define how security researchers should disclose security issues. While it is still proceeding through the final stages of standardization, major online services have already adopted the standard (such as Google, Facebook, LinkedIn, and Github). In this work, we conduct an empirical investigation into how websites are deploying security.txt. We first monitor security.txt adoption over a 15-month period, identifying the level of deployment for top websites. We also characterize the information being provided through security.txt and issues present in the provided data. Ultimately, our analysis sheds light on how the security.txt mechanism manifests in practice and its implications for vulnerability reporting, particularly for large-scale automated notification campaigns.

Published

2021

7. Towards Anomaly-resistant Graph Neural Networks via Reinforcement Learning

Author

Huan Liu, Kaize Ding, and Xuan Shan

Subjects

Scheme (programming language), Structure (mathematical logic), business.industry, Computer science, Node (networking), Machine learning, computer.software_genre, Reinforcement learning, Domain knowledge, Anomaly detection, Artificial intelligence, Anomaly (physics), business, computer, computer.programming_language, Vulnerability (computing)

Abstract

In general, graph neural networks (GNNs) adopt the message-passing scheme to capture the information of a node (i.e., nodal attributes, and local graph structure) by iteratively transforming, aggregating the features of its neighbors. Nonetheless, recent studies show that the performance of GNNs can be easily hampered by the existence of abnormal or malicious nodes due to the vulnerability of neighborhood aggregation. Thus it is necessary to learn anomaly-resistant GNNs without the prior knowledge of ground-truth anomalies, given the fact that labeling anomalies is costly and requires intensive domain knowledge. Though removing anomalies through unsupervised anomaly detection methods could be a possible solution, it may render unreasonable GNN model performance on target tasks due to the non-differentiable gap between the two learning procedures. In order to keep the effectiveness of GNNs on anomaly-contaminated graphs, in this paper, we propose a new framework named RARE-GNN (Reinforced Anomaly-REsistant Graph Neural Networks) which can detect anomalies from the input graph and learn anomaly-resistant GNNs simultaneously. Extensive experiments on real-world datasets demonstrate the effectiveness of the proposed framework.

Published

2021

8. Adversarial Reprogramming of Pretrained Neural Networks for Fraud Detection

Author

Yanfang Ye, Yujie Fan, and Lingwei Chen

Subjects

Artificial neural network, Computer science, business.industry, Construct (python library), Machine learning, computer.software_genre, Task (project management), Adversarial system, Leverage (statistics), Artificial intelligence, business, computer, Host (network), Database transaction, Vulnerability (computing)

Abstract

Machine learning models have been widely used for fraud detection, while developing and maintaining these models often suffers from significant limitations in terms of training data scarcity and constrained resources. To address these issues, in this paper, we leverage machine learning vulnerability to adversarial attacks, and design a novel model AdvRFD that Adversarially Reprograms an ImageNet classification neural network for Fraud Detection task. AdvRFD first embeds transaction features into a host image to construct new ImageNet data, and then learns a universal perturbation to be added to all inputs, such that the outputs of the pretrained model can be accordingly mapped to the final detection decisions for all transactions. Extensive experiments on two transaction datasets made over Ethereum and credit cards have demonstrated that AdvRFD is effective to detect fraud using limited data and resources.

Published

2021

9. A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses

Author

Onur Mutlu, Abdullah Giray Yağlıkçı, Lois Orosa, Jisung Park, Hasan Hassan, Minesh Patel, Ataberk Olgun, Jeremie S. Kim, and Haocong Luo

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Hardware_MEMORYSTRUCTURES, Computer science, business.industry, Chip, Column (database), Cell size, Active time, Embedded system, Hardware Architecture (cs.AR), Computer Science - Hardware Architecture, business, Cryptography and Security (cs.CR), Row, Dram, Vulnerability (computing)

Abstract

RowHammer is a circuit-level DRAM vulnerability where repeatedly accessing (i.e., hammering) a DRAM row can cause bit flips in physically nearby rows. The RowHammer vulnerability worsens as DRAM cell size and cell-to-cell spacing shrink. Recent studies demonstrate that modern DRAM chips, including chips previously marketed as RowHammer-safe, are even more vulnerable to RowHammer than older chips such that the required hammer count to cause a bit flip has reduced by more than 10X in the last decade. Therefore, it is essential to develop a better understanding and in-depth insights into the RowHammer vulnerability of modern DRAM chips to more effectively secure current and future systems. Our goal in this paper is to provide insights into fundamental properties of the RowHammer vulnerability that are not yet rigorously studied by prior works, but can potentially be $i$) exploited to develop more effective RowHammer attacks or $ii$) leveraged to design more effective and efficient defense mechanisms. To this end, we present an experimental characterization using 248~DDR4 and 24~DDR3 modern DRAM chips from four major DRAM manufacturers demonstrating how the RowHammer effects vary with three fundamental properties: 1)~DRAM chip temperature, 2)~aggressor row active time, and 3)~victim DRAM cell's physical location. Among our 16 new observations, we highlight that a RowHammer bit flip 1)~is very likely to occur in a bounded range, specific to each DRAM cell (e.g., 5.4% of the vulnerable DRAM cells exhibit errors in the range 70C to 90C), 2)~is more likely to occur if the aggressor row is active for longer time (e.g., RowHammer vulnerability increases by 36% if we keep a DRAM row active for 15 column accesses), and 3)~is more likely to occur in certain physical regions of the DRAM module under attack (e.g., 5% of the rows are 2x more vulnerable than the remaining 95% of the rows)., A shorter version of this work is to appear at the 54th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO-54), 2021

Published

2021

10. Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications

Author

Onur Mutlu, Kaveh Razavi, Hasan Hassan, Victor van der Veen, Yahya Can Tugrul, and Jeremie S. Kim

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Hardware_MEMORYSTRUCTURES, Computer science, business.industry, Reliability (computer networking), Commit, Embedded system, Hardware Architecture (cs.AR), Side channel attack, Data retention, Computer Science - Hardware Architecture, business, Cryptography and Security (cs.CR), Row, Implementation, Dram, Vulnerability (computing)

Abstract

The RowHammer vulnerability in DRAM is a critical threat to system security. To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target Row Refresh (TRR). At a high level, TRR detects and refreshes potential RowHammer-victim rows, but its exact implementations are not openly disclosed. Security guarantees of TRR mechanisms cannot be easily studied due to their proprietary nature. To assess the security guarantees of recent DRAM chips, we present Uncovering TRR (U-TRR), an experimental methodology to analyze in-DRAM TRR implementations. U-TRR is based on the new observation that data retention failures in DRAM enable a side channel that leaks information on how TRR refreshes potential victim rows. U-TRR allows us to (i) understand how logical DRAM rows are laid out physically in silicon; (ii) study undocumented on-die TRR mechanisms; and (iii) combine (i) and (ii) to evaluate the RowHammer security guarantees of modern DRAM chips. We show how U-TRR allows us to craft RowHammer access patterns that successfully circumvent the TRR mechanisms employed in 45 DRAM modules of the three major DRAM vendors. We find that the DRAM modules we analyze are vulnerable to RowHammer, having bit flips in up to 99.9% of all DRAM rows. We make U-TRR source code openly and freely available at [106]., This work is to appear at the 54th IEEE/ACM International Symposium on Microarchitecture (MICRO 2021)

Published

2021

11. Validation of Side-Channel Models via Observation Refinement

Author

Andreas Lindner, Hamed Nemati, Roberto Guanciale, and Pablo Buiras

Subjects

Soundness, Cache coloring, Computer science, Speculative execution, State space, Side channel attack, Data mining, Information flow (information theory), computer.software_genre, Focus (optics), computer, Vulnerability (computing)

Abstract

Observational models enable the analysis of information flow properties against side channels. Relational testing has been used to validate the soundness of these models by measuring the side channel on states that the model considers indistinguishable. However, unguided search can generate test states that are too similar to each other to invalidate the model. To address this we introduce observation refinement, a technique to guide the exploration of the state space to focus on hardware features of interest. We refine observational models to include fine-grained observations that characterize behavior that we want to exclude. States that yield equivalent refined observations are then ruled out, reducing the size of the space. We have extended an existing model validation framework, Scam-V, to support refinement. We have evaluated the usefulness of refinement for search guidance by analyzing cache coloring and speculative leakage in the ARMv8-A architecture. As a surprising result, we have exposed SiSCLoak, a new vulnerability linked to speculative execution in Cortex-A53.

Published

2021

12. The Curse of Correlations for Robust Fingerprinting of Relational Databases

Author

Emre Yilmaz, Pan Li, Tianxi Ji, and Erman Ayday

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, Relational database, Data_MISCELLANEOUS, Fingerprint (computing), Databases (cs.DB), computer.software_genre, Data sharing, Computer Science - Databases, Robustness (computer science), Data mining, Correlation attack, Cryptography and Security (cs.CR), computer, Vulnerability (computing)

Abstract

Database fingerprinting have been widely adopted to prevent unauthorized sharing of data and identify the source of data leakages. Although existing schemes are robust against common attacks, like random bit flipping and subset attack, their robustness degrades significantly if attackers utilize the inherent correlations among database entries. In this paper, we first demonstrate the vulnerability of existing database fingerprinting schemes by identifying different correlation attacks: column-wise correlation attack, row-wise correlation attack, and the integration of them. To provide robust fingerprinting against the identified correlation attacks, we then develop mitigation techniques, which can work as post-processing steps for any off-the-shelf database fingerprinting schemes. The proposed mitigation techniques also preserve the utility of the fingerprinted database considering different utility metrics. We empirically investigate the impact of the identified correlation attacks and the performance of mitigation techniques using real-world relational databases. Our results show (i) high success rates of the identified correlation attacks against existing fingerprinting schemes (e.g., the integrated correlation attack can distort 64.8\% fingerprint bits by just modifying 14.2\% entries in a fingerprinted database), and (ii) high robustness of the proposed mitigation techniques (e.g., with the mitigation techniques, the integrated correlation attack can only distort $3\%$ fingerprint bits)., Comment: To appear in 24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'21)

Published

2021

13. GrandDetAuto: Detecting Malicious Nodes in Large-Scale Autonomous Networks

Author

Patrick Jauernig, Tigist Abera, Ahmad-Reza Sadeghi, Lachlan J. Gunn, Ferdinand Brasser, and David Koisser

Subjects

Scheme (programming language), Computer science, Distributed computing, Scale (chemistry), 020206 networking & telecommunications, Network size, 02 engineering and technology, Critical infrastructure, 020202 computer hardware & architecture, Range (mathematics), Consensus, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), computer, Vulnerability (computing), computer.programming_language

Abstract

Autonomous collaborative networks of devices are rapidly emerging in numerous domains, such as self-driving cars, smart factories, critical infrastructure, and Internet of Things in general. Although autonomy and self-organization are highly desired properties, they increase vulnerability to attacks. Hence, autonomous networks need dependable mechanisms to detect malicious devices in order to prevent compromise of the entire network. However, current mechanisms to detect malicious devices either require a trusted central entity or scale poorly. In this paper, we present GrandDetAuto, the first scheme to identify malicious devices efficiently within large autonomous networks of collaborating entities. GrandDetAuto functions without relying on a central trusted entity, works reliably for very large networks of devices, and is adaptable to a wide range of application scenarios thanks to interchangeable components. Our scheme uses random elections to embed integrity validation schemes in distributed consensus, providing a solution supporting tens of thousands of devices. We implemented and evaluated a concrete instance of GrandDetAuto on a network of embedded devices and conducted large-scale network simulations with up to 100 000 nodes. Our results show the effectiveness and efficiency of our scheme, revealing logarithmic growth in run-time and message complexity with increasing network size. Moreover, we provide an extensive evaluation of key parameters showing that GrandDetAuto is applicable to many scenarios with diverse requirements.

Published

2021

14. Hierarchical Quantitative Assessment Method of Network Security Threat Situation

Author

Deng Wei, Liu Xinlin, and Huang Ping

Subjects

Service (systems architecture), Computer science, Network security, business.industry, computer.software_genre, Data set, Order (exchange), Evaluation methods, Quantitative assessment, Data mining, business, Hidden Markov model, computer, Vulnerability (computing)

Abstract

In order to evaluate the security status of network system accurately and efficiently, this paper proposes a hierarchical quantitative evaluation method of network security threat situation based on Hidden Markov model (HMM). This paper first quantifies the security situation by combining the types of network threats and service vulnerability information, and then extends to the whole network according to the hierarchical strategy. The simulation results based on IWPCC2015 data set show that this method can complete the network security situation awareness and evaluation. The experimental results provide a certain reference for the research of hierarchical network security threat situation quantitative assessment method.

Published

2021

15. The Idiosyncratic Effects of Adversarial Training on Bias in Personalized Recommendation Learning

Author

Tommaso Di Noia, Felice Antonio Merra, and Vito Walter Anelli

Subjects

business.industry, Computer science, Novelty, Adversarial machine learning, Recommender system, Machine learning, computer.software_genre, Popularity, Regularization (mathematics), Adversarial system, Code (cryptography), Artificial intelligence, business, computer, Vulnerability (computing)

Abstract

Recently, recommendation systems have been proven to be susceptible to malicious perturbations of the model weights. To overcome this vulnerability, Adversarial Regularization emerged as one of the most effective solutions. Interestingly, the technique not only robustifies the model, but also significantly increases its accuracy. To date, unfortunately, the effect of Adversarial Regularization beyond-accuracy evaluation dimensions is unknown. This paper sheds light on these aspects and investigates how Adversarial Regularization impacts the amplification of popularity bias, and the deterioration of novelty and coverage of the recommendation list. The results highlight that, with imbalanced data distribution, Adversarial Regularization amplifies the popularity bias. Moreover, the empirical validation on five datasets confirms that it degrades the diversity and novelty of the generated recommendation. Code and data are available at https://github.com/sisinflab/The-Idiosyncratic-Effects-of-Adversarial-Training.

Published

2021

16. A Recommender System for Tracking Vulnerabilities

Author

Kylie McClanahan, Qinghua Li, Thao Le, and Philip Dale Huff

Subjects

Identification (information), Kludge, Software, business.industry, Vendor, Computer science, Recommender system, Software engineering, business, Pipeline (software), Coding (social sciences), Vulnerability (computing)

Abstract

Mitigating vulnerabilities in software requires first identifying the vulnerabilities with an organization’s software assets. This seemingly trivial task involves maintaining vendor product vulnerability notification for a kludge of hardware and software packages from innumerable software publishers, coding projects, and third-party package managers. On the other hand, software vulnerability databases are often consistently reported and categorized in clean, standard formats and neatly tied to a common software product enumerator (i.e., CPE). Currently it is a heavy workload for cybersecurity analysts at organizations to match their hardware and software package inventory to target CPEs. This hinders organizations from getting notifications for new vulnerabilities, and identifying applicable vulnerabilities. In this paper, we present a recommender system to automatically identify a minimal candidate set of CPEs for software names to improve vulnerability identification and alerting accuracy. The recommender system uses a pipeline of natural language processing, fuzzy matching, and machine learning to significantly reduce the human effort needed for software product vulnerability matching.

Published

2021

17. OVANA: An Approach to Analyze and Improve the Information Quality of Vulnerability Databases

Author

Christian Reuter, Markus Bayer, Philipp Kuehn, and Marc Wendelborn

Subjects

Database, Computer science, business.industry, media_common.quotation_subject, Deep learning, National Vulnerability Database, Information quality, computer.software_genre, CVSS, Quality (business), Artificial intelligence, business, Completeness (statistics), computer, Relevant information, media_common, Vulnerability (computing)

Abstract

Vulnerability databases are one of the main information sources for IT security experts. Hence, the quality of their information is of utmost importance for anyone working in this area. Previous work has shown that machine readable information is either missing, incorrect, or inconsistent with other data sources. In this paper, we introduce a system called Overt Vulnerability source ANAlysis (OVANA), which analyzes the information quality of vulnerability databases utilizing state-of-the-art machine learning (ML) and natural language processing (NLP) techniques, searches the free-form description for relevant information missing from structured fields, and updates it accordingly. Our paper exemplifies that on the National Vulnerability Database, showing that OVANA is able to improve the information quality by 51.23% based on the indicators of accuracy, completeness, and uniqueness. Moreover, we present information which should be incorporated into the structured fields to increase the uniqueness of vulnerability entries and improve the discriminability of different vulnerability entries. The identified information from OVANA enables a more targeted vulnerability search and provides guidance for IT security experts in finding relevant information in vulnerability descriptions for severity assessment.

Published

2021

18. Indirect Invisible Poisoning Attacks on Domain Adaptation

Author

Jun Wu and Jingrui He

Subjects

Domain adaptation, Computer science, business.industry, Generalization, Feature vector, Artificial intelligence, Space (commercial competition), business, Machine learning, computer.software_genre, computer, Vulnerability (computing), Domain (software engineering)

Abstract

Unsupervised domain adaptation has been successfully applied across multiple high-impact applications, since it improves the generalization performance of a learning algorithm when the source and target domains are related. However, the adversarial vulnerability of domain adaptation models has largely been neglected. Most existing unsupervised domain adaptation algorithms might be easily fooled by an adversary, resulting in deteriorated prediction performance on the target domain, when transferring the knowledge from a maliciously manipulated source domain. To demonstrate the adversarial vulnerability of existing domain adaptation techniques, in this paper, we propose a generic data poisoning attack framework named I2Attack for domain adaptation with the following properties: (1) perceptibly unnoticeable: all the poisoned inputs are natural-looking; (2)adversarially indirect: only source examples are maliciously manipulated; (3) algorithmically invisible: both source classification error and marginal domain discrepancy between source and target domains will not increase. Specifically, it aims to degrade the overall prediction performance on the target domain by maximizing the label-informed domain discrepancy over both input feature space and class-label space be-tween source and target domains. Within this framework, a family of practical poisoning attacks are presented to fool the existing domain adaptation algorithms associated with different discrepancy measures. Extensive experiments on various domain adaptation benchmarks confirm the effectiveness and computational efficiency of our proposed I2Attack framework.

Published

2021

19. A Framework for Modeling Cyber Attack Techniques from Security Vulnerability Descriptions

Author

Yuval Elovici, Masaki Inokuchi, Tomohiko Yagyu, Ron Bitton, Hodaya Binyamini, and Asaf Shabtai

Subjects

Computer science, Cyber-attack, Linguistic model, Transition probability matrix, Data mining, Attack graph, computer.software_genre, Pipeline (software), Recurrent neural network model, computer, Vulnerability (computing), Task (project management)

Abstract

Attack graphs are one of the main techniques used to automate the cybersecurity risk assessment process. In order to derive a relevant attack graph, up-to-date information on known cyber attack techniques should be represented as interaction rules. However, designing and creating new interaction rules is a time consuming task performed manually by security experts. We present a novel, end-to-end, automated framework for modeling new attack techniques from the textual description of security vulnerabilities. Given a description of a security vulnerability, the proposed framework first extracts the relevant attack entities required to model the attack, completes missing information on the vulnerability, and derives a new interaction rule that models the attack; this new rule is then integrated within the MulVal attack graph tool. The proposed framework implements a novel data science pipeline that includes a dedicated cybersecurity linguistic model trained on the NVD repository, a recurrent neural network model used for attack entity extraction, a logistic regression model used for completing the missing information, and a transition probability matrix for automatically generating new interaction rule. We evaluated the performance of each of the individual algorithms, as well as the complete framework, and demonstrated its effectiveness.

Published

2021

20. Through the Spyglass: Towards IoT Companion App Man-in-the-Middle Attacks

Author

Daniel Campos, TJ OConnor, and Dylan Jessee

Subjects

business.industry, Computer science, Cloud computing, Transparency (human–computer interaction), Man-in-the-middle attack, Computer security, computer.software_genre, Home automation, Server, Confidentiality, business, Mobile device, computer, Vulnerability (computing)

Abstract

The lack of mature development in smart home companion applications complicates Internet of Things (IoT) security and privacy. Companion applications offer transparency and control for smart home devices that otherwise lack displays or interfaces. We access our smart home devices through a distributed communication architecture that seamlessly integrates smart home devices, cloud-based servers, and our mobile devices. This paper seeks to better understand IoT security and privacy by studying the design flaws of this distributed communications channel for smart home devices. To understand this, we then assess the vulnerability of 20 popular smart home vendors to this attack. Our analysis discovers pervasive failures in the distributed communications channels across 16 different vendors. A successful attack allows adversaries to conceal device users, manipulate the state of locks, spoof camera images, and manipulate history log files. While our work uncovers pervasive failures, vendors can take measures to improve confidentiality and integrity in smart home devices and their applications.

Published

2021

21. Toward Tracing the Source of Web Attacks Targeted at Web Applications

Author

Yi Ling, Xingmin Wu, Shuo Wen, Qi Wu, and Zhilong Ye

Subjects

Service (systems architecture), IP traceback, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Tracing, computer.software_genre, Computer security, Proxy server, Web application, Overhead (computing), Artificial intelligence, Web service, business, computer, Vulnerability (computing)

Abstract

Nowadays, with the popularity of the computer network, we are facing to complex web service functions and rampant web attacks. In this paper, a research on web attack traceback technology is present for accurately identifying attack source, timely blocking target IP, patching service vulnerability, storing and identifying attack vectors. Existing traceback systems need to change web-based business code or architecture of server route, however, our traceback system can analyze and manage web access behaviors via proxy server, require no agent, and simulate the traceback to source of web attack with the features such as high compatibility, low performance overhead and quick traceback.

Published

2021

22. A Vulnerability of Dynamic Network Address Translation to Denial-of-Service Attacks

Author

Shigeo Akashi and Yao Tong

Subjects

Dynamic network analysis, Network security, business.industry, Computer science, computer.internet_protocol, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Denial-of-service attack, Computer security, computer.software_genre, IPv4, Traffic congestion, Routing (electronic design automation), business, computer, Network address translation, Vulnerability (computing)

Abstract

It is well known that Network Address Translation plays not only an important role as the soltion to the IPv4 Depletion problem but also another important one as the enhancement of network security. Actually, it sometimes happens that some newly born network skills are not always compatible with other ready-constructed network ones. In this paper, we point out that the simulutaneous use of network routing and Network Address Translation may bring about an unexpected network traffic congestion. Exactly speaking. in the former half of this paper, we point out the fact that, if we apply dynamic routing together with static one simultaneously, another type of network traffic congestion, which resembles what is brought about by the routing loop, may happen spontaneously, and in the latter half of this paper, we discuss the problem asking if this network traffic congestion can be brought about not only spontaneously but also intentionally for preventing malicious cyber attackers from using this phenomenon intentionally.

Published

2021

23. Adversarial Text Generation for Personality Privacy Protection

Author

Qingbiao Li, Xiujuan Wang, Zhe Wang, Maonan Wang, and Kangfeng Zheng

Subjects

Computer science, media_common.quotation_subject, Privacy protection, Cosine similarity, Computer security, computer.software_genre, Task (project management), Adversarial system, Text generation, Personality, Set (psychology), computer, Vulnerability (computing), media_common

Abstract

Protecting the user's personality privacy can effectively interfere with or deceive the attacker's personality analysis, avoid the attacker's use of personality vulnerability, and reduce the success rate of social engineering attacks. However, the current research on personality privacy protection is at a blank stage. To solve this problem, we propose a personality privacy protection method based on adversarial text generation. This paper mainly uses gradient-based adversarial method and cosine similarity to generation adversarial text. We formed a set of replacement words to test the impact of the number of replacement words on the performance of the model. Experiments show that the method proposed in this paper has achieved good effects on model attacks (reducing the performance of the model), and can well complete the task of protecting personality privacy.

Published

2021

24. Hedging Against Sore Loser Attacks in Cross-Chain Transactions

Author

Yingjie Xue and Maurice Herlihy

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, Computer security, computer.software_genre, Computer Science - Distributed, Parallel, and Cluster Computing, Asynchronous communication, Computer Science - Data Structures and Algorithms, Common value auction, Data Structures and Algorithms (cs.DS), Distributed, Parallel, and Cluster Computing (cs.DC), Cryptography and Security (cs.CR), computer, Short duration, Vulnerability (computing)

Abstract

A *sore loser attack* in cross-blockchain commerce rises when one party decides to halt participation partway through, leaving other parties' assets locked up for a long duration. Although vulnerability to sore loser attacks cannot be entirely eliminated, it can be reduced to an arbitrarily low level. This paper proposes new distributed protocols for hedging a range of cross-chain transactions in a synchronous communication model, such as two-party swaps, $n$-party swaps, brokered transactions, and auctions., Comment: To apper in PODC 2021

Published

2021

25. RAProducer: efficiently diagnose and reproduce data race bugs for binaries via trace analysis

Author

Yun Li, Yeseop Lee, Ming Yuan, Chao Zhang, Bodong Zhao, and Yan Cai

Subjects

Security analysis, Source code, Interleaving, Computer science, Programming language, media_common.quotation_subject, Sample (statistics), Thread (computing), computer.software_genre, Kernel (linear algebra), computer, TRACE (psycholinguistics), Vulnerability (computing), media_common

Abstract

A growing number of bugs have been reported by vulnerability discovery solutions. Among them, some bugs are hard to diagnose or reproduce, including data race bugs caused by thread interleavings. Few solutions are able to well address this issue, due to the huge space of interleavings to explore. What’s worse, in security analysis scenarios, analysts usually have no access to the source code of target programs and have troubles in comprehending them. In this paper, we propose a general solution RAProducer to efficiently diagnose and reproduce data race bugs, for both user-land binary programs and kernels without source code. The efficiency of RAProducer is achieved by analyzing the execution trace of the given PoC (proof-of-concept) sample to recognize race- and bug-related elements (including locks and shared variables), which greatly facilitate narrowing down the huge search space of data race spots and thread interleavings. We have implemented a prototype of RAProducer and evaluated it on 7 kernel and 10 user-land data race bugs. Evaluation results showed that, RAProducer is effective at reproducing all these bugs. More importantly, it enables us to diagnose 2 extra real world bugs which are left unconfirmed for a long time. It is also efficient as it reduces candidate data race spots of each bug to a small set, and narrows down the thread interleaving greatly.RAProducer is also more effective in reproducing real-world data race bugs than other state-of-the-art solutions.

Published

2021

26. Lighter and Better: Low-Rank Decomposed Self-Attention Networks for Next-Item Recommendation

Author

Xing Xie, Xinyan Fan, Wayne Xin Zhao, Zheng Liu, Ji-Rong Wen, and Jianxun Lian

Subjects

Sequence, Theoretical computer science, Spacetime, Computer science, Position (vector), Encoding (memory), Rank (computer programming), Constant (mathematics), Representation (mathematics), Vulnerability (computing)

Abstract

Self-attention networks (SANs) have been intensively applied for sequential recommenders, but they are limited due to: (1) the quadratic complexity and vulnerability to over-parameterization in self-attention; (2) inaccurate modeling of sequential relations between items due to the implicit position encoding. In this work, we propose the low-rank decomposed self-attention networks (LightSANs) to overcome these problems. Particularly, we introduce the low-rank decomposed self-attention, which projects user's historical items into a small constant number of latent interests and leverages item-to-interest interaction to generate the context-aware representation. It scales linearly w.r.t. the user's historical sequence length in terms of time and space, and is more resilient to over-parameterization. Besides, we design the decoupled position encoding, which models the sequential relations between items more precisely. Extensive experimental studies are carried out on three real-world datasets, where LightSANs outperform the existing SANs-based recommenders in terms of both effectiveness and efficiency.

Published

2021

27. Empirical evaluation of smart contract testing: what is the best choice?

Author

Zhenyang Xu, Yu Jiang, Zijing Yin, Meng Ren, Chengnian Sun, Fuchen Ma, Huizhong Li, and Yan Cai

Subjects

Work (electrical), Risk analysis (engineering), Smart contract, Computer science, Process (engineering), Code (cryptography), Vulnerability detection, Vulnerability (computing)

Abstract

Security of smart contracts has attracted increasing attention in recent years. Many researchers have devoted themselves to devising testing tools for vulnerability detection. Each published tool has demonstrated its effectiveness through a series of evaluations on their own experimental scenarios. However, the inconsistency of evaluation settings such as different data sets or performance metrics, may result in biased conclusion. In this paper, based on an empirical evaluation of widely used smart contract testing tools, we propose a unified standard to eliminate the bias in the assessment process. First, we collect 46,186 source-available smart contracts from four influential organizations. This comprehensive dataset is open to the public and involves different code characteristics, vulnerability patterns and application scenarios. Then we propose a 4-step evaluation process and summarize the difference among relevant work in these steps. We use nine representative tools to carry out extensive experiments. The results demonstrate that different choices of experimental settings could significantly affect tool performance and lead to misleading or even opposite conclusions. Finally, we generalize some problems of existing testing tools, and propose some possible directions for further improvement.

Published

2021

28. EvolMusic

Author

Mariele Motta, Tanja Hagemann, Felix Assion, and Sebastian Fischer

Subjects

Black box (phreaking), Adversarial system, Artificial neural network, Computer science, business.industry, Speech recognition, Deep learning, Genetic algorithm, Artificial intelligence, Musical, business, Vulnerability (computing), Domain (software engineering)

Abstract

Automatic Speech Recognition (ASR) has undergone substantial improvements since the incorporation of deep learning. However, the vulnerability of neural networks to imperceptible adversarial perturbations exposes ASR-based devices to potentially serious threats. So far, imperceptibility of audio adversarial examples has been associated with small, or inaudible perturbations. In this paper, we expand the domain of viable audio adversarial examples to include audible, but inconspicuous adversarial perturbations. We present EvolMusic, the first targeted adversarial attack based on musical note-sequences. Our musical perturbations are generated via an adaptive evolutionary approach in a black-box setting. We evaluate our attack against DeepSpeech v0.9.1 using the Fluent Speech Commands dataset.

Published

2021

29. Simulating a logistics enterprise using an asymmetrical wargame simulation with soar reinforcement learning and coevolutionary algorithms

Author

Erik Hemberg, Una-May O'Reilly, Ying Zhao, Gabino Mata, and Nate Derbinsky

Subjects

Wargame, Computer science, business.industry, Supply chain, Enterprise value, Key (cryptography), Reinforcement learning, Soar, business, Algorithm, Agile software development, Vulnerability (computing)

Abstract

We demonstrate an innovative framework (CoEvSoarRL) that leverages machine learning algorithms to optimize and simulate a resilient and agile logistics enterprise to improve the readiness and sustainment, as well as reduce the operational risk. The CoEvSoarRL is an asymmetrical wargame simulation that leverages reinforcement learning and coevolutionary algorithms to improve the functions of a total logistics enterprise value chain. We address two of the key challenges: (1) the need to apply holistic prediction, optimization, and wargame simulation to improve the total logistics enterprise readiness; (2) the uncertainty and lack of data which require large-scale systematic what-if scenarios and analysis of alternatives to simulate potential new and unknown situations. Our CoEvSoarRL learns a model of a logistic enterprise environment from historical data with Soar reinforcement learning. Then the Soar model is used to evaluate new decisions and operating conditions. We simulate the logistics enterprise vulnerability (risk) and evolve new and more difficult operating conditions (tests); meanwhile we also coevolve better logistics enterprise decision (solutions) to counter the tests. We present proof-of-concept results from a US Marine Corps maintenance and supply chain data set.

Published

2021

30. Privacy Preservation Techniques for Sequential Data Releasing

Author

Srikul Nanthachumphu, Noppamas Riyana, and Surapon Riyana

Subjects

Constraint (information theory), Public use, Work (electrical), Computer science, Data_MISCELLANEOUS, Sequential data, Computer security, computer.software_genre, computer, Vulnerability (computing)

Abstract

Privacy violation is a serious issue that must be considered when datasets are released for public use. To address this issue, a well-known privacy preservation model, l-Diversity, is proposed. Unfortunately, l-Diversity is generally proposed to address privacy violation issues in datasets that are focused on performing one-time data releasing. For this reason, l-Diversity could be inadequate to preserve the privacy data if datasets are dynamic and released at all times. To rid this vulnerability of l-Diversity, a new privacy preservation model for sequential data releasing to be proposed in this work, so called as e-Error and l-Diversity. Aside from privacy preservation constraints, the complexity and the data utility are also maintained in the privacy preservation constraint of the proposed model.

Published

2021

31. A Privacy Preservation Model for RFID Data-Collections is Highly Secure and More Efficient than LKC-Privacy

Author

Surapon Riyana and Noppamas Riyana

Subjects

Data collection, Supply chain management, Work (electrical), Public use, Computer science, Asset tracking, Trajectory, Computer security, computer.software_genre, computer, Counterfeit, Vulnerability (computing)

Abstract

RFID is a smart label technology that is used in several real-life applications such as inventory management, asset tracking, personnel tracking, controlling access to restricted areas, ID badging, supply chain management, counterfeit prevention (e.g., in the pharmaceutical industry), and smart farming. Generally, the data collection of RFIDs consists of the users’ visited locations and their visiting time, so called as trajectory datasets. Aside from applications, trajectory datasets can also be released for public use. For this reason, they could lead to being privacy violation issues. To address these issues in trajectory datasets, LKC-Privacy is proposed. Unfortunately, in this work, we demonstrate that LKC-Privacy still has a serious vulnerability that must be improved. To rid the demonstrated vulnerability of LKC-Privacy, a privacy preservation model is proposed in this work. Furthermore, the proposed mode is evaluated by extensive experiments. From the experimental results, they indicate that the proposed model is highly secure and more efficient than LKC-Privacy.

Published

2021

32. Spearphone

Author

Yingying Chen, Jian Liu, S Abhishek Anand, Nitesh Saxena, and Chen Wang

Subjects

Exploit, Computer science, Speech recognition, 020208 electrical & electronic engineering, 02 engineering and technology, Accelerometer, Information sensitivity, Phone, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Feature (machine learning), Loudspeaker, Side channel attack, Vulnerability (computing)

Abstract

In this paper, we build a speech privacy attack that exploits speech reverberations from a smartphone's inbuilt loudspeaker captured via a zero-permission motion sensor (accelerometer). We design our attack Spearphone, and demonstrate that speech reverberations from inbuilt loudspeakers, at an appropriate loudness, can impact the accelerometer, leaking sensitive information about the speech. In particular, we show that by exploiting the affected accelerometer readings and carefully selecting feature sets along with off-the-shelf machine learning techniques, Spearphone can perform gender classification (accuracy over 90%) and speaker identification (accuracy over 80%) for the audio/video playback on the smartphone for our recorded dataset. We use lightweight classifiers and an off-the-shelf machine learning tool so that the attacking effort is minimized, making our attack practical. Our results with testing the attack on a voice call and voice assistant response were also encouraging, showcasing the impact of the proposed attack. In addition, we perform speech recognition and speech reconstruction to extract more information about the eavesdropped speech to an extent. Our work brings to light a fundamental design vulnerability in many currently-deployed smartphones, which may put people's speech privacy at risk while using the smartphone in the loudspeaker mode during phone calls, media playback or voice assistant interactions.

Published

2021

33. Message sieving to mitigate smart gridlock attacks in V2V

Author

Hanif Rahbari and Siddharth Dongre

Subjects

Gridlock, Exploit, Computer science, Universal Software Radio Peripheral, Testbed, Volume (computing), Process (computing), 020206 networking & telecommunications, 020302 automobile design & engineering, 02 engineering and technology, Computer security, computer.software_genre, 0203 mechanical engineering, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, computer, Vulnerability (computing)

Abstract

Growing deployment of vehicle-to-vehicle (V2V) communications is expected to significantly increase the volume of Basic Safety Messages (BSM) in highways and dense roads. Computational overhead of verifying the integrity of BSMs will therefore be high while current V2V equipment can process only a limited number of BSMs per second. As a result, critical BSMs carrying vital information may fail to be processed on time, creating unsafe outcomes. In this paper, we expose this vulnerability, discuss critical scenarios, develop novel attacks that exploit this vulnerability, and propose a sieving technique to mitigate these verification gridlock attacks. We show on a USRP testbed that our proposed sieving mechanism to counter sophisticated attackers who exploit this vulnerability achieves 80% accuracy at SNR greater than 6 dB, effectively mitigating the attack.

Published

2021

34. On the Vulnerability of Hardware Masking in Practical Implementations

Author

Haotian Dai and Selcuk Kose

Subjects

Masking (art), Computer science, business.industry, 020208 electrical & electronic engineering, 02 engineering and technology, 020202 computer hardware & architecture, Power (physics), Information sensitivity, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Ground noise, Leakage (economics), business, Implementation, Computer hardware, Vulnerability (computing)

Abstract

Masking is a widely used technique to improve security against side channel analysis (SCA) by dividing sensitive information into multiple shares. One of the primary assumptions in masking is that the leakage of each share is independent of the other shares. A successful attack by utilizing the leakage from a single share cannot be performed unless the leakage information from all of the shares is available. When implementing hardware masking, this assumption of independent shares, however, is no longer valid when different shares are connected to the same power delivery network. In this paper, the relationship between different masking shares are quantitatively analyzed. The impact of the power/ground noise in the shared power delivery network on security of masking is investigated. By analyzing the behavior of dependence based on different physical factors, certain insights are presented to improve the security of hardware masking in practical implementations.

Published

2021

35. Understanding Credibility of Adversarial Examples against Smart Grid

Author

Qun Song, Rui Tan, Chao Ren, and Yan Xu

Subjects

0209 industrial biotechnology, Computer science, 020209 energy, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, Field (computer science), Rule of thumb, Adversarial system, 020901 industrial engineering & automation, Smart grid, Credibility, 0202 electrical engineering, electronic engineering, information engineering, Energy informatics, computer, Vulnerability (computing)

Abstract

Stability assessment is an important task for maintaining reliable operations of power grids. With increased system complexity, deep learning-based stability assessment approaches are promising to address the shortfalls of the traditional time-domain simulation-based approaches. However, in the field of computer vision, the deep learning models are shown vulnerable to adversarial examples. Although this vulnerability has been noticed by the energy informatics research, the domain-specific analysis on the requirements imposed for implementing effective adversarial examples is still lacking. These attack requirements, albeit reasonable in computer vision tasks, can be too stringent in the context of power grids. In this paper, we systematically investigate the requirements and discuss the credibility of six representative adversarial example attacks for a case study of voltage stability assessment for the New England 10-machine 39-bus system. We show that (1) compromising the voltage traces of half of transmission system buses is a rule of thumb requirement; (2) the universal adversarial perturbations that are independent of the original clean voltage trajectory have the same credibility as the widely studied false data injection attacks on power grid state estimation, while other adversarial example attacks are less credible; (3) the universal perturbations can be effectively defended with strong adversarial training.

Published

2021

36. Temporal Vulnerability Assessment for Convex Hull Pricing

Author

Chenye Wu and Jian Sun

Subjects

Convex hull, Vulnerability index, Computer science, 020209 energy, Economic dispatch, 02 engineering and technology, Bidding, Environmental economics, Power system simulation, Vulnerability assessment, 0202 electrical engineering, electronic engineering, information engineering, Electricity market, 020201 artificial intelligence & image processing, Vulnerability (computing)

Abstract

Convex hull pricing (CHP) was proposed to align the unit commitment and economic dispatch of the electricity market's sequential processes, by providing the minimal uplift payment. The implementation of CHP and its variants has generated much attention in both academia and industry. However, the vulnerability of CHP has been rarely assessed due to its complex structure. In this paper, to tackle this challenge, an equivalent form of CHP is identified, which provides valuable economic and structural insights. This equivalent form helps in revealing how generator bidding can influence the CHP. Based on this understanding, a vulnerability index is proposed to evaluate the risk that each generator brings to the CHP scheme. Numerical studies suggest the existence of vulnerability in the CHP and also highlight the complex nature of CHP scheme.

Published

2021

37. Dealing with (some of) the fallout from meltdown

Author

Dan Tsafrir, Michael Wei, and Nadav Amit

Subjects

Kernel (linear algebra), Software, Computer science, business.industry, Speculative execution, Isolation (database systems), Page table, Computer security, computer.software_genre, business, computer, Vulnerability (computing)

Abstract

The meltdown vulnerability allows users to read kernel memory by exploiting a hardware flaw in speculative execution. Processor vendors recommend "page table isolation" (PTI) as a software fix, but PTI can significantly degrade the performance of system-call-heavy programs. Leveraging the fact that 32-bit pointers cannot access 64-bit kernel memory, we propose "Shrink", a safe alternative to PTI, which is applicable to programs capable of running in 32-bit address spaces. We show that Shrink can restore the performance of some workloads, suggest additional potential alternatives, and argue that vendors must be more open about hardware flaws to allow developers to design protection schemes that are safe and performant.

Published

2021

38. Regulating Storage Overhead in Existing PoW-based Blockchains

Author

Wenting Li, Ghassan Karame, Jens-Matthias Bohli, and Frederik Armknecht

Subjects

050101 languages & linguistics, Computer science, business.industry, Process (engineering), Tying, Distributed computing, 05 social sciences, Access control, 02 engineering and technology, Mathematical proof, Replication (computing), Proof-of-work system, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, business, Vulnerability (computing)

Abstract

Proof of Work (PoW) blockchains regulate the frequency and security of extensions to the blockchain in a decentralized manner by adjusting the difficulty in the network. However, analogous decentralized measures to regulate the replication level of the associated transactions and blocks data are completely missing so far. We argue that such measures are required as well. On the one hand, the smaller the number of replicas, the higher the vulnerability of the system against compromises and DoS-attacks. On the other hand, the larger the number of replicas, the higher the storage overhead, and the higher the operational blockchain cost are. In this paper, we propose a novel solution, EWoK (Entangled proofs of WOrk and Knowledge), that regulates in a decentralized manner the minimum number of replicas that should be stored by miners in the blockchain. EWoK achieves this by tying replication to the only directly-incentivized process in PoW-blockchains -- which is PoW itself. EWoK only incurs small modifications to existing PoW protocols and is fully compliant with the specifications of existing mining hardware. Our implementation results confirm that EWoK can be easily integrated within existing mining pool protocols, such as GetBlockTemplate and Stratum mining, and does not impair the mining efficiency.

Published

2021

39. Vulnerability Sample Analysis Based on Reverse Debugging

Author

Kang Fei, Bu Wenjuan, Yang Ju, and Xu Jianbo

Subjects

Debugging, Computer science, business.industry, media_common.quotation_subject, Sample (statistics), Software engineering, business, Vulnerability (computing), media_common

Published

2021

40. Look Before You Leap: Secure Connection Bootstrapping for 5G Networks to Defend Against Fake Base-Stations

Author

Ankush Singla, Attila A. Yavuz, Syed Rafiul Hussain, Rouzbeh Behnia, and Elisa Bertino

Subjects

021110 strategic, defence & security studies, Authentication, Computer science, Bootstrapping, business.industry, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, Root cause, Computer security, computer.software_genre, 0202 electrical engineering, electronic engineering, information engineering, Cellular network, Overhead (computing), 020201 artificial intelligence & image processing, business, Protocol (object-oriented programming), computer, Vulnerability (computing)

Abstract

The lack of authentication protection for bootstrapping messages broadcast by base-stations makes impossible for devices to differentiate between a legitimate and a fake base-station. This vulnerability has been widely acknowledged, but not yet fixed and thus enables law-enforcement agencies, motivated adversaries and nation-states to carry out attacks against targeted users. Although 5G cellular protocols have been enhanced to prevent some of these attacks, the root vulnerability for fake base-stations still exists. In this paper, we propose an efficient broadcast authentication protocol based on a hierarchical identity-based signature scheme, Schnorr-HIBS, which addresses the root cause of the fake base-station problem with minimal computation and communication overhead. We implement and evaluate our proposed protocol using off-the-shelf software-defined radios and open-source libraries. We also provide a comprehensive quantitative and qualitative comparison between our scheme and other candidate solutions for 5G base-station authentication proposed by 3GPP. Our proposed protocol achieves at least a 6x speedup in terms of end-to-end cryptographic delay and a communication cost reduction of 31% over other 3GPP proposals.

Published

2021

41. Bypassing Push-based Second Factor and Passwordless Authentication with Human-Indistinguishable Notifications

Author

Jay Prakash, Prakash Shrestha, Mohammed Jubur, and Nitesh Saxena

Subjects

Password, Spoofing attack, Computer science, 020207 software engineering, 02 engineering and technology, Login session, Multi-factor authentication, Login, Computer security, computer.software_genre, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Session (computer science), User interface, computer, Vulnerability (computing)

Abstract

Second factor (2FA) or passwordless authentication based on notifications pushed to a user's personal device (e.g., a phone) that the user can simply approve (or deny) has become widely popular due to its convenience. In this paper, we show that the effortlessness of this approach gives rise to a fundamental design vulnerability. The vulnerability stems from the fact that the notification, as shown to the user, is not uniquely bound to the user's login session running through the browser, and thus if two notifications are sent around the same time (one for the user's session and one for an attacker's session), the user may not be able to distinguish between the two, likely ending up accepting the notification of the attacker's session. Exploiting this vulnerability, we present HIENA, a simple yet devastating attack against such "one-push" 2FA or passwordless schemes, which can allow a malicious actor to login soon after the victim user attempts to login triggering multiple near-concurrent notifications that seem indistinguishable to the user. To further deceive the user into accepting the attacker-triggered notification, HIENA can optionally spoof/mimic the victim's client machine information (e.g., the city from which the victim logs in, by being in the same city) and even issue other third-party notifications (e.g., email or social media) for obfuscation purposes. In case of 2FA schemes, we assume that the attacker knows the victim's password (e.g., obtained via breached password databases), a standard methodology to evaluate the security of any 2FA scheme. To evaluate the effectiveness of HIENA, we carefully designed and ran a human factors lab study where we tested benign and adversarial settings mimicking the user interface designs of well-known one-push 2FA and passwordless schemes. Our results show that users are prone to accepting attacker's notification in HIENA with high rates, about 83% overall and about 99% upon using spoofed information, which is almost similar to the rates of acceptance of benign login sessions. Even for the non-spoofed sessions (our primary attack), the attack success rates are about 68%, which go up to about 90-97% if the attack attempt is repeated 2-3 times. While we did not see a statistically significant effect of using third-party notifications on attack success rate, in real-life, the use of such obfuscation can be quite effective as users may only see one single 2FA notification (corresponding to attacker's session) on top of the notifications list which is most likely to be accepted. We have verified that many widely deployed one-push 2FA schemes (e.g., Duo Push, Authy OneTouch, LastPass, Facebook's and OpenOTP) seem directly vulnerable to our attack.

Published

2021

42. Risk Assessments of Social Engineering Attacks and Set Controls in an Online Education Environment

Author

Jeffrey Miraflores, Jameela Nadine Jamena, Craig James J Jackson, Leanne Kirsten Samala, Eric Blancaflor, and Clarion Von Harvey Banzon

Subjects

Email address, business.industry, Social engineering (security), Internet privacy, Social media, business, Set (psychology), Psychology, Phishing, Field (computer science), Vulnerability (computing), Test (assessment)

Abstract

The cybersecurity attacks for the educational field is not too highlighted in today's time. There is an incoming threat in the educational field that if not look into can result into a dangerous attack than can victimized students and educational institutions, especially those who are from third world countries. This study is to alert and to inform everyone about the vulnerability in gathering data using education as a facade that may result in a serious breach of privacy and security. In this study, a very simple method of getting data was used - survey. The study conducted an experiment where surveys were given to many students and see if they will give their information if they were told that it was for an academic purpose. Plenty of students have answered the survey which aims to get their email address, name, social media accounts and more. From there, the researchers sent the students phishing emails to test if they are mindful of these cyberattacks. The researchers also use the information from the survey to do reconnaissance. This study will show how vulnerable the educational field is to basic cyberattacks and will give some informative recommendations on what to do.

Published

2021

43. Research on Complex Characteristics and Vulnerability of Power Communication Network

Author

Li Peizhe, Quanbiao An, Haotian Liu, Yong Wang, Siyu Yang, Yefan Wu, Zhenfeng Xiao, Jianhan Zhou, Lilin Qiao, and Xiaoping Wu

Subjects

Smart grid, Computer science, Distributed computing, Physical layer, Topology (electrical circuits), Network layer, Complex network, Telecommunications network, Vulnerability (computing), Power (physics)

Abstract

Power communication network is an important supporting network of smart power grid. According to the complex characteristics of power communication network to identify the structural vulnerability of power communication network, how to carry out comprehensive and effective assessment of its vulnerability, this paper proposes an effective assessment method based on the vulnerability loss of power communication network. Firstly, the topology modeling of power communication network is carried out. According to the static parameter characteristics of the network and the static statistical characteristics of the network, the typical model corresponding to the complex network is pointed out, and its characteristics are summarized and verified. Secondly, considering the physical layer and the network layer comprehensively, the importance loss of the physical layer and the maximum connectivity rate of the network layer are defined, and then the vulnerability loss of the network is finally obtained by giving the corresponding weight value respectively, which is used as the vulnerability evaluation index of the power communication network. Finally, based on the simulation background of the actual power communication network in a province, the effectiveness of the method in this paper is proved by comparing the vulnerability loss of different curves.

Published

2021

44. Critical components identification for cyber-physical power systems considering time-varying operational states

Author

Alexandria Stefanov, Ioannis Semertzis, Peter Palensky, and Yigu Liu

Subjects

Electric power system, Identification (information), Vulnerability assessment, Risk analysis (engineering), Computer science, Cyber-physical systems, Cyber-physical system, Resilience (network), Construct (philosophy), Data mining algorithms, Cascading failure, Vulnerability (computing)

Abstract

The security issues of Cyber-Physical power Systems (CPS) have attracted widespread attention from scholars. Vulnerability assessment emerges as an effective method to identify the critical components and thus increase the system resilience. While efforts have been made to study the vulnerability features of power systems under the occurrence of a single, discrete disturbance or failure at a specific time instant, this paper focuses on identifying the critical components of the cyber-physical system considering time-varying operational states. To investigate the potentially ever-changing CPS vulnerability features, in this paper we construct a database of cascading failure chains using quasi-dynamic simulations to capture the vulnerability relationships among components under time-varying operational states. Then, by adopting sequential mining algorithms, we mine the most frequent cascading failure patterns and identify the critical components based on the data mining results. Simulation studies are conducted on IEEE 39-bus and IEEE RTS-96 systems to evaluate the effectiveness of the proposed method for the identification of critical components at both cyber and physical layers.

Published

2021

45. Demonstrating User Authentication via Electrical Muscle Stimulation

Author

Ruben Abbou, Zhuolin Yang, Pedro Lopes, Ben Y. Zhao, Yuxin Chen, and Haitao Zheng

Subjects

Password, Modality (human–computer interaction), Biometrics, Computer science, Electrical muscle stimulation, medicine.medical_treatment, 05 social sciences, Wearable computer, 020207 software engineering, 02 engineering and technology, Login, Human–computer interaction, 0202 electrical engineering, electronic engineering, information engineering, medicine, 0501 psychology and cognitive sciences, Replay attack, 050107 human factors, Vulnerability (computing)

Abstract

We propose a novel modality for active biometric authentication: electrical muscle stimulation (EMS). To explore this, we engineered an interactive system, which we call ElectricAuth, that stimulates the user’s forearm muscles with a sequence of electrical impulses (i.e., EMS challenge) and measures the user’s involuntary finger movements (i.e., response to the challenge). ElectricAuth leverages EMS’s intersubject variability, where the same electrical stimulation results in different movements in different users because everybody’s physiology is unique (e.g., differences in bone and muscular structure, skin resistance and composition, etc.). As such, ElectricAuth allows users to login without memorizing passwords or PINs. ElectricAuth’s challenge-response structure makes it secure against data breaches and replay attacks, a major vulnerability facing today’s biometrics such as facial recognition and fingerprints. Furthermore, ElectricAuth never reuses the same challenge twice in authentications – in just one second of stimulation it encodes one of 68M possible challenges.

Published

2021

46. User Authentication via Electrical Muscle Stimulation

Author

Pedro Lopes, Ruben Abbou, Haitao Zheng, Zhuolin Yang, Ben Y. Zhao, and Yuxin Chen

Subjects

Password, Modality (human–computer interaction), Biometrics, Computer science, Speech recognition, Electrical muscle stimulation, medicine.medical_treatment, medicine, Login, Facial recognition system, Replay attack, Vulnerability (computing)

Abstract

We propose a novel modality for active biometric authentication: electrical muscle stimulation (EMS). To explore this, we engineered an interactive system, which we call ElectricAuth, that stimulates the user’s forearm muscles with a sequence of electrical impulses (i.e., EMS challenge) and measures the user’s involuntary finger movements (i.e., response to the challenge). ElectricAuth leverages EMS’s intersubject variability, where the same electrical stimulation results in different movements in different users because everybody’s physiology is unique (e.g., differences in bone and muscular structure, skin resistance and composition, etc.). As such, ElectricAuth allows users to login without memorizing passwords or PINs. ElectricAuth’s challenge-response structure makes it secure against data breaches and replay attacks, a major vulnerability facing today’s biometrics such as facial recognition and fingerprints. Furthermore, ElectricAuth never reuses the same challenge twice in authentications – in just one second of stimulation it encodes one of 68M possible challenges. In our user studies, we found that ElectricAuth resists: (1) impersonation attacks (false acceptance rate: 0.17% at 5% false rejection rate); (2) replay attacks (false acceptance rate: 0.00% at 5% false rejection rate); and, (3) synthesis attacks (false acceptance rates: 0.2-2.5%). Our longitudinal study also shows that ElectricAuth produces consistent results over time and across different humidity and muscle conditions.

Published

2021

47. OBFUS

Author

Eun-Sun Cho, Sujeong Lee, Seong-Kyun Mok, Seoyeon Kang, and Yumin Kim

Subjects

Source code, Computer science, business.industry, Programming language, media_common.quotation_subject, Software protection, Binary number, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Overlay, Binary programming, computer.software_genre, Obfuscation (software), Software, Software_PROGRAMMINGLANGUAGES, business, computer, Vulnerability (computing), media_common

Abstract

In this paper, we propose OBFUS, a web-based tool that can easily apply obfuscation techniques to high-level and low-level programming languages. OBFUS's high-level obfuscator parses and obfuscates the source code, overlaying the obfuscation to produce more complex results. OBFUS's low-level obfuscator decompiles binary programs into LLVM IR. This LLVM IR pro-gram is obfuscated and the LLVM IR program is recompiled to become an obfuscated binary program.

Published

2021

48. Membership Inference Attacks and Defenses in Classification Models

Author

Ninghui Li, Jiacheng Li, and Bruno Ribeiro

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer science, Generalization, Inference, 02 engineering and technology, 010501 environmental sciences, Machine learning, computer.software_genre, 01 natural sciences, Machine Learning (cs.LG), Set (abstract data type), Classifier (linguistics), 0202 electrical engineering, electronic engineering, information engineering, 0105 earth and related environmental sciences, Vulnerability (computing), Artificial neural network, Contextual image classification, business.industry, Softmax function, 020201 artificial intelligence & image processing, Artificial intelligence, business, Cryptography and Security (cs.CR), computer

Abstract

We study the membership inference (MI) attack against classifiers, where the attacker's goal is to determine whether a data instance was used for training the classifier. Through systematic cataloging of existing MI attacks and extensive experimental evaluations of them, we find that a model's vulnerability to MI attacks is tightly related to the generalization gap -- the difference between training accuracy and test accuracy. We then propose a defense against MI attacks that aims to close the gap by intentionally reduces the training accuracy. More specifically, the training process attempts to match the training and validation accuracies, by means of a new {\em set regularizer} using the Maximum Mean Discrepancy between the softmax output empirical distributions of the training and validation sets. Our experimental results show that combining this approach with another simple defense (mix-up training) significantly improves state-of-the-art defense against MI attacks, with minimal impact on testing accuracy.

Published

2021

49. An Investigation of Identity-Account Inconsistency in Single Sign-On

Author

Xing Gao, Guannan Liu, and Haining Wang

Subjects

Password, Authentication, Service (systems architecture), business.industry, Computer science, 05 social sciences, Internet privacy, 020207 software engineering, 02 engineering and technology, Service provider, Email address, Identity provider, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Single sign-on, business, 050107 human factors, Vulnerability (computing)

Abstract

Single Sign-On (SSO) has been widely adopted for online authentication due to its favorable usability and security. However, it also introduces a single point of failure since all service providers fully trust the identity of a user created by the SSO identity provider. In this paper, we investigate the identity-account inconsistency threat, a new SSO vulnerability that can cause the compromise of online accounts. The vulnerability exists because current SSO systems highly rely on a user’s email address to bind an account with a real identity, but ignore the fact that email addresses might be reused by other users. We reveal that under the SSO authentication, such inconsistency allows an adversary controlling a reused email address to take over associated online accounts without knowing any credentials like passwords. Specifically, we first conduct a measurement study on the account management policies for multiple cloud email providers, showing the feasibility of acquiring previously used email accounts. We further perform a systematic study on 100 popular websites using the Google business email service with our own domain address and demonstrate that most online accounts can be compromised by exploiting this inconsistency vulnerability. To shed light on email reuse in the wild, we analyze the commonly used naming conventions that lead to a wide existence of potential email address collisions, and conduct a case study on the account policies of U.S. universities. Finally, we propose several useful practices for end-users, service providers, and identity providers to protect against this identity-account inconsistency threat.

Published

2021

50. An empirical study of thermal attacks on edge platforms

Author

Justin Duchatellier, Kun Suo, Yong Shi, and Tyler Holmes

Subjects

Empirical research, Edge device, Computer science, Key (cryptography), Energy consumption, Enhanced Data Rates for GSM Evolution, Benchmarking, Computer security, computer.software_genre, computer, Edge computing, Vulnerability (computing)

Abstract

Cloud-edge systems are vulnerable to thermal attacks as the increased energy consumption may remain undetected, while occurring alongside normal, CPU-intensive applications. The purpose of our research is to study thermal effects on modern edge systems. We also analyze how performance is affected from the increased heat and identify preventative measures. We speculate that due to the technology being a recent innovation, research on cloud-edge devices and thermal attacks is scarce. Other research focuses on server systems rather than edge platforms. In our paper, we use a Raspberry Pi 4 and a CPU-intensive application to represent thermal attacks on cloud-edge systems. We performed several experiments with the Raspberry Pi 4 and used stress-ng, a benchmarking tool available on Linux distributions, to simulate the attacks. The resulting effects displayed drastic increases in the temperature and power consumption. The key impact of our research is to highlight the following risks and mitigation plans: the vulnerability of cloud-edge systems from thermal attacks, the capability for the attacks to go unnoticed, to further the understanding of edge devices as well as the prevention of these attacks.

Published

2021